Securely pairing a vehicle-mounted wireless sensor with a central device

ABSTRACT

Methods, system, apparatuses, and computer program products for securely pairing a vehicle-mounted wireless sensor with a central device are disclosed. In a particular embodiment, securely pairing a vehicle-mounted wireless sensor with a central device in accordance with the present disclosure includes a vehicle sensor device pairing with a vehicle control system (VCS) using a pre-shared passkey. The pre-shared passkey is shared between the vehicle sensor device and the VCS via an out-of-band exchange. This embodiment also includes the vehicle sensor device transmitting an identifier for a resolvable private address (RPA) to the VCS. In addition, the vehicle sensor device communicates with the VCS using the RPA. In this example embodiment, the RPA is periodically regenerated by the vehicle sensor device.

BACKGROUND

Wireless vehicle sensors, such as wireless tire pressure monitoringsystem (TPMS) sensors, have been introduced to provide vehicle sensordata to a vehicle control system over a radio frequency (RF) link. Inparticular, wireless TPMS sensors have been introduced to the majorityof car markets across the globe, with many regions having legislationrequiring the system for safety or environmental reasons. The system isdesigned to alert the driver of under inflated tire(s). Current systems,such as TPMS, typically employ a unidirectional RF link from the sensorto the vehicle to transmit key data for the sensing application. Thisdata could include pressure, temperature, position, speed/acceleration,unique ID or stimulus, among others. For example, Tire Fill Assist (TFA)is a TPMS feature that has been implemented using the currentunidirectional RF link to the vehicle. This feature allows the vehicleto communicate the status of the TPMS to the user, for example by usingthe horn and/or lights as feedback.

Bluetooth Low Energy (BLE) is a common short-range wireless standardthat may be used for bidirectional communication with a wireless vehiclesensor. However, for many wireless vehicle sensors, it may not bepractical to have a user interface for pairing. Allowing a vehicle toautomatically learn its sensors during drive cycles is not ideal. Thisprocess can take a significant amount of time to complete and is oftenonly run while the vehicle is moving. This results in a period of timewhere the vehicle is not aware of the sensors fitted and thereforecannot warn for pressure deviations. Thus, there is a need to completethe pairing processes in the factory or other installation sites.However, when there is widespread use of BLE devices in a vehicle, therecould be many BLE devices transmitting at one time (e.g., in a tire shopor production line setting), meaning there will be significant crosstalk. Thus, knowing which sensor is the intended target for pairingcould be very difficult or impossible.

SUMMARY OF INVENTION

Embodiments in accordance with the present disclosure are directed tosecurely pairing a vehicle-mounted wireless sensor with a centraldevice. To pair the wireless sensor with the vehicle control system inthe vehicle assembly plant or other installation site, a pairing tool isused for an out-of-band exchange of a shared passkey. Prior tocompleting the pairing process, the shared passkey is exchanged betweenthe wireless sensor and the vehicle control system using the pairingtool. In an example embodiment, the vehicle control system generates thepasskey and provides the passkey to the pairing tool, which wirelesslytransmits the passkey to the wireless sensor. In other embodiments, thepasskey may be generated by the wireless sensor or the pairing tool.During the pairing processing, the passkey that is exchanged in-band iscompared to the passkey exchanged out-of-band to verify that the correctwireless sensor is being paired with the vehicle control system.Accordingly, a passkey verification mechanism may be implemented in awireless vehicle sensor without the need for a physical interface ordisplay on the wireless sensor device. The passkey verification allowsthe vehicle control system to distinctly identify the device that is thetarget for pairing.

To pair the wireless sensor with a wireless mobile device (e.g., auser's smart phone, tablet, smart watch, etc.), the vehicle controlsystem is used to facilitate the exchange of identity informationbetween the wireless sensor and the mobile device. The mobile device,having already paired with the vehicle, may request the vehicle controlsystem to provide identity information for pairing with the wirelesssensor. The vehicle control system may provide the identity informationneeded for the mobile device to initiate the pairing process directlywith the wireless sensor. The vehicle control system may also provideidentity information to the wireless sensor such that the wirelesssensor may be configured with a permitted device list (e.g., awhitelist) for filtering connection requests from devices. Accordingly,identity credentials for pairing the wireless sensor device to a user'ssmart device may be shared through the vehicle control system that hasalready paired with each device.

In a particular embodiment, securely pairing a vehicle-mounted wirelesssensor with a central device in accordance with the present disclosureincludes a vehicle sensor device pairing with a vehicle control system(VCS) using a pre-shared passkey. The pre-shared passkey is sharedbetween the vehicle sensor device and the VCS via an out-of-bandexchange. This embodiment also includes the vehicle sensor devicetransmitting an identifier such as an identity resolving key (IRK) for aresolvable private address (RPA) to the VCS. In addition, the vehiclesensor device communicates with the VCS using the RPA, such that the VCSmay resolve the address of the vehicle sensor device using theidentifier. In this example embodiment, the RPA is periodicallyregenerated by the vehicle sensor device.

In another embodiment, securely pairing a vehicle-mounted wirelesssensor with a central device in accordance with the present disclosureincludes a vehicle control system (VCS) pairing with a wireless vehiclesensor device using a pre-shared passkey, which is shared between thevehicle sensor device and the VCS via an out-of-band exchange. In thisexample embodiment, the VCS receives an identifier such as an identityresolving key (IRK) for the vehicle sensor device, associates theidentifier with a sensor identifier of the vehicle sensor device,receives a packet identified by a resolvable private address (RPA) fromthe vehicle sensor device, and identifies the vehicle sensor devicebased on the RPA using the identifier.

The foregoing and other objects, features and advantages of theinvention will be apparent from the following more particulardescriptions of exemplary embodiments of the invention as illustrated inthe accompanying drawings wherein like reference numbers generallyrepresent like parts of exemplary embodiments of the invention.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1A sets forth an isometric diagram of a system for securely pairinga vehicle-mounted wireless sensor with a central device in accordancewith the present disclosure;

FIG. 1B sets forth a top view of the system of FIG. 1A;

FIG. 2 sets forth a block diagram of an exemplary pairing tool inaccordance with the present disclosure;

FIG. 3 sets forth a block diagram of an exemplary wireless vehiclesensor device in accordance with the present disclosure;

FIG. 4 sets forth a block diagram of an exemplary vehicle control systemin accordance with the present disclosure;

FIG. 5 sets forth a flowchart of an example method for securely pairinga vehicle-mounted wireless sensor with a central device in accordancewith the present disclosure;

FIG. 6 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure;

FIG. 7 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure;

FIG. 8 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure;

FIG. 9 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure;

FIG. 10 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure;

FIG. 11 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure;

FIG. 12 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure;

FIG. 13 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure; and

FIG. 14 sets forth a flowchart of another example method for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure.

DESCRIPTION OF EMBODIMENTS

The terminology used herein for the purpose of describing particularexamples is not intended to be limiting for further examples. Whenever asingular form such as “a”, “an” and “the” is used and using only asingle element is neither explicitly or implicitly defined as beingmandatory, further examples may also use plural elements to implementthe same functionality. Likewise, when a functionality is subsequentlydescribed as being implemented using multiple elements, further examplesmay implement the same functionality using a single element orprocessing entity. It will be further understood that the terms“comprises”, “comprising”, “includes” and/or “including”, when used,specify the presence of the stated features, integers, steps,operations, processes, acts, elements and/or components, but do notpreclude the presence or addition of one or more other features,integers, steps, operations, processes, acts, elements, componentsand/or any group thereof.

It will be understood that when an element is referred to as being“connected” or “coupled” to another element, the elements may bedirectly connected or coupled via one or more intervening elements. Iftwo elements A and B are combined using an “or”, this is to beunderstood to disclose all possible combinations, i.e. only A, only B,as well as A and B. An alternative wording for the same combinations is“at least one of A and B”. The same applies for combinations of morethan two elements.

Accordingly, while further examples are capable of various modificationsand alternative forms, some particular examples thereof are shown in thefigures and will subsequently be described in detail. However, thisdetailed description does not limit further examples to the particularforms described. Further examples may cover all modifications,equivalents, and alternatives falling within the scope of thedisclosure. Like numbers refer to like or similar elements throughoutthe description of the figures, which may be implemented identically orin modified form when compared to one another while providing for thesame or a similar functionality.

Exemplary methods, apparatuses, and computer program products forsecurely pairing a vehicle-mounted wireless sensor with a central devicein accordance with the present disclosure are described with referenceto the accompanying drawings, beginning with FIG. 1A and FIG. 1B. FIG.1A sets forth an isometric diagram of a system (100) for securelypairing a vehicle-mounted wireless sensor with a central device inaccordance with the present disclosure. FIG. 1B sets forth a top view ofthe system of FIG. 1A. The system of FIG. 1A and 1B includes a vehicle(101) equipped with tires (103) and a wireless vehicle sensor device(105). While the embodiment of FIG. 1A and 1B shows the wireless vehiclesensor device is a tire monitoring device (e.g., a TPMS sensor) for thetire (103), it will be appreciated that the wireless vehicle sensordevice (105) may be any vehicle sensor device that is configured forwireless communication, including but not limited to brake pad wearsensors, seat buckle sensors, and other wireless automotive sensors(109). In a particular embodiment, the wireless vehicle sensor device(105) may be a tire pressure monitoring system (TPMS) sensor, andmeasures operational characteristics of the tire, such as tire pressure,tire temperature, and motion characteristics, and communicates thecollected data to a vehicle control system (VCS) (107).

The VCS (107) controls various components and systems within a vehicle.For example, the VCS (107) may include a plurality of electronic controlunits (ECUs) that are configured to control one or more vehiclesubsystems. Commonly referred to as the vehicle's “computers”, an ECUmay be a central control unit or may refer collectively to one or morevehicle subsystem control units. In a particular embodiment, one of thesubsystems in the VCS (107) is a TPMS that receives tire pressure andother measurements from the wireless vehicle sensor device (105). Othersubsystems may include an Engine Control Module (ECM), a PowertrainControl Module (PCM), a Transmission Control Module (TCM), a BodyControl Module (BCM), a Central Timing Module (CTM), a GeneralElectronic Module (GEM), a Remote Keyless Entry Module, and/or aSuspension Control Module (SCM). In an embodiment according to thepresent disclosure, the VCS (107) includes a BCM that includes anAntilock Braking System (ABS) and an Electronic Stability Program (ESP).Alternatively, the VCS (107) may comprise a Telematics Control Unit(TCU) independent of vehicle-based sensors (e.g., an aftermarketsystem).

The wireless vehicle sensor device (105) may be equipped with a wirelesstransceiver for bidirectional wireless communication with the VCS (107),as will be described in more detail below. The VCS (107) may besimilarly equipped with a wireless transceiver for bidirectionalwireless communication with each wireless vehicle sensor device (105),as will be described in more detail below. The bidirectional wirelesscommunication may be realized by communication technology such asBluetooth Low Energy, Bluetooth Smart, or other low power bidirectionalcommunication technology that is intended to conserve energy consumed.Alternatively, the wireless vehicle sensor device (105) may include aunidirectional transmitter configured to transmit signals to the VCS(107).

The wireless vehicle sensor device (105) may be identifiable by a uniqueidentification code, also referred to herein as a sensor identifier(ID). For example, the sensor ID may be a Media Access Control (MAC)address of the wireless vehicle sensor device (105) or a communicationcomponent thereof. As another example, the sensor ID may be a name,serial number or other unique identifier. The sensor ID may be includedin each transmission frame, or may be associated with a particulartransmission channel. However, when the vehicle sensor device (105) isinstalled on the vehicle (101) (e.g., in a vehicle assembly line or at adealership), the wireless vehicle sensor device (105) must first bepaired with the VCS (107). In a production environment, there may bemany wireless sensors that advertising their respective sensor IDs, andthe VCS (107) must be able to correlate advertised sensor IDs to aspecific wireless sensor. In one example of a conventional Bluetoothpairing process, a Generic Access Profile (GAP) central device mightgenerate an access code that is either displayed on a screen of thepairing device and confirmed by a human technician, or manually enteredinto a physical interface of the pairing device by a human technician.However, an automotive sensor may not have a display for displaying theaccess code or physical interface for entering an access code due to thecompact size and embedded nature of automotive sensors. In a particularembodiment in accordance with the present disclosure, a wireless pairingtool (113), such as a handheld device or assembly line station, is usedto facilitate on out-of-band exchange of a share passkey between thewireless vehicle sensor device (105) and the VCS (107), as will beexplained in detail below.

After the vehicle (101) comes into the possession of an owner, a user(e.g., the owner or a repair technician) may wish to initiatebidirectional communication directly with the wireless vehicle sensordevice (105) using the user's wireless device (115) (e.g., asmartphone). Direct communication with the wireless vehicle sensor maybe advantageous, for example, when the wireless vehicle sensor device(105) is a TPMS sensor configured to transmit tire fill assist (TFA)data. However, to pair with the wireless vehicle sensor device (105)with the user's wireless device (115), the user's wireless device (115)must also be able to identify the specific wireless vehicle sensordevice (105). This identification process may be difficult due to crosstalk among other vehicle sensors, and also due to security protocolsimplemented by the wireless vehicle sensor device (105). In a particularembodiment in accordance with the present disclosure, the VCS (107)facilitates exchange of identification credentials between the wirelessvehicle sensor device (105) and the user's wireless device (115), aswill be explained in detail below.

The arrangement of devices making up the exemplary system illustrated inFIG. 1A and FIG. 1B are for explanation, not for limitation. Dataprocessing systems useful according to various embodiments of thepresent disclosure may include additional servers, routers, otherdevices, and peer-to-peer architectures, not shown in FIG. 1A and FIG.1B, as will occur to those of skill in the art. The devices of FIG. 1Aand FIG. 1B and other data processing systems may utilize communicationsprotocols in accordance with embodiments of the present disclosure,including but not limited to TCP (Transmission Control Protocol), IP(Internet Protocol), Bluetooth protocol, Near Field Communication,Controller Area Network (CAN) protocol, Local Interconnect Network (LIN)protocol, Serial Peripheral Interface (SPI) protocol, FlexRay protocol,and others as will occur to those of skill in the art. Variousembodiments of the present disclosure may be implemented on a variety ofhardware platforms in addition to those illustrated in FIG. 1A and FIG.1B.

For further explanation, FIG. 2 sets forth a diagram of an exemplaryimplementation of a pairing tool (200) for securely pairing avehicle-mounted wireless sensor with a central device according toembodiments of the present disclosure. The pairing tool (200) of FIG. 2may include a controller (201), a memory (203), a transceiver (205), anantenna (207), and a vehicle communications bus interface (209). In someembodiments, the pairing tool (200) may also include a low frequencytransmitter (211) configured to transmit a wake-up signal (e.g., a 125kHz exciter signal for a low frequency system of a wireless vehiclesensor device).

The controller (201) of the pairing tool (200) may be configured tofacilitate the exchange of a shared passkey between a wireless vehiclesensor device (e.g., the wireless vehicle sensor device (300) of FIG. 3) and a VCS (e.g., the VCS (400) of the FIG. 4 ), and may comprise asuitably programmed processor, for example a dedicated microprocessor ora microcontroller, or other programmable processing device. Standardcomponents such as random access memory (RAM), an analog-to-digitalconverter (ADC), an input/output (I/O) interface, a clock, and a centralmicroprocessor (all not shown) may be provided, the components typicallybeing integrated onto a single chip. Alternatively or additionally, acustom microcontroller such as an Application Specific IntegratedCircuit (ASIC), a digital signal processor (DSP), a programmable logicarray (PLA) such as a field programmable gate array (FPGA), or otherdata computation unit in accordance with the present disclosure may beused. For example, the shared passkey may be a randomly generated codeor sequential code that is used to identify a wireless vehicle sensoramong multiple wireless vehicle sensors, and may be generated by any ofthe pairing tool (200), the wireless vehicle sensor, or the VCS. Asanother example, the shared passkey may be a VCS security parameter.

The controller (201) of the pairing tool (200) may be configured to sendthe shared passkey to the VCS when the passkey is generated by thepairing tool (200) or the wireless vehicle sensor device. The controller(201) of the pairing tool may also be configured to send the sharedpasskey to the wireless sensor device when the passkey is generated bythe pairing tool (200) or the VCS, or is a security parameter of theVCS. In a particular embodiment, the controller (201) of the pairingtool (200) may receive the passkey from the VCS via the transceiver(205) or the vehicle communications bus interface (209), and may storethe passkey in the memory (203). The controller (201) of the pairingtool (200) may then send the passkey to the wireless vehicle sensor viathe transceiver (205).

The transceiver (205) of the pairing tool may be coupled to thecontroller (201) and the antenna (207), and may be configured forbidirectional wireless communication with the wireless sensor deviceand, in some embodiments, the VCS. For example, once the transceiver isconfigured for communication with the VCS, the transceiver may be usedto transmit tire parameters (e.g., tire pressure) to the VCS and receivevehicle parameters and configuration parameters from the VCS. Thetransceiver (233) may be configured to communicate a sensor ID to aremote device such as an activation tool or activation station in anassembly line. The transceiver (205) may be configured for operationwithin a particular RF band, such as the Industrial, Scientific andMedical (ISM) 2.4 GHz band with a frequency range of 2.4 GHz to 2.5 GHzthat includes an unlicensed portion of the RF spectrum. In a particularembodiment, the transceiver (205) may be a Bluetooth protocoltransceiver, such as a Bluetooth Low Energy transceiver or a BluetoothSmart transceiver, operating between 2.4 GHz and 2.4835 GHz. In anembodiment, the transceiver (205) may be further configured to transmita 2.4 GHz band wake-up signal to a low power receiver of the wirelesssensor device to transition the wireless sensor device from a standbystate to an active state where a transceiver of the wireless sensordevice is brought online.

For further explanation, FIG. 3 sets forth a diagram of an exemplaryimplementation of a wireless vehicle sensor device (300) for securelypairing a vehicle-mounted wireless sensor with a central deviceaccording to embodiments of the present disclosure. The wireless vehiclesensor device (300) of FIG. 3 may include a controller (301), a memory(303), a battery (305), a transceiver (323), a wakeup module (325), andan antenna (307). In a particular embodiment, the wireless vehiclesensor device may be a tire monitoring device and may include one ormore sensors (309), such as a pressure sensor (e.g. a piezo resistivetransducer or a piezoelectric or capacitance based pressure sensor formeasuring air pressure in a respective tire), a temperature sensor, anda motion sensor (e.g., an accelerometer responsive to accelerationand/or changes in acceleration experienced during rotation of arespective tire).

The controller (301) of the wireless vehicle device (300) may beconfigured to pair the wireless vehicle device (300) with a VCS (e.g.,the VCS (400) of FIG. 4 ) and to provide sensor data (e.g., tirepressure, brake pad wear, etc.) to the VCS. The controller (301) of thewireless vehicle device (300) may be configured to communicate with apairing tool (e.g., the pairing tool (200) of FIG. 2 ) to send orreceive a shared passkey for pairing with the VCS, as will be explainedbelow. The controller (301) of the wireless vehicle device (300) mayalso be configured to pair with a user device (e.g., a smart phone) andto provide sensor data (e.g., tire fill assist data) to the user device,as will be explained below. The controller (301) of the wireless vehicledevice (300) may comprise a suitably programmed processor, for example adedicated microprocessor or a microcontroller, or other programmableprocessing device. Standard components such as random access memory(RAM), an analog-to-digital converter (ADC), an input/output (I/O)interface, a clock, and a central microprocessor (all not shown) may beprovided with the components typically being integrated onto a singlechip. Alternatively or additionally, a custom microcontroller such as anApplication Specific Integrated Circuit (ASIC), a digital signalprocessor (DSP), a programmable logic array (PLA) such as a fieldprogrammable gate array (FPGA), or other data computation unit inaccordance with the present disclosure may be used.

The transceiver (323) of the wireless vehicle sensor device (300) may becoupled to the controller (301) and the antenna (307), and may beconfigured for bidirectional wireless communication with other wirelessmodules, including but not limited to the VCS, a wireless pairing tool,and a user device (e.g., a smartphone). For example, to pair with theVCS, the transceiver (323) and the wakeup module (325) may be used tocommunicate with the wireless pairing tool to send or receive a sharedpasskey as part of an out-of-band exchange of the shared passkey. Asanother example, the transceiver (323) may be used to share identityinformation with the VCS during the pairing process. As yet anotherexample, once the transceiver (323) is paired with a wirelesstransceiver of the VCS, the transceiver (323) may be used to transmitsensor data (e.g., tire pressure) to the VCS and receivevehicle-provided parameters (e.g., identity information for credentialeddevices) and configuration parameters from the VCS. As yet anotherexample, once the transceiver (323) has received identity informationfor a credentialed device, the transceiver (323) may be used tocommunicate with the credentialed device such as the user device.

The transceiver (323) may be configured for operation within aparticular RF band, such as the ISM 2.4 GHz band with a frequency rangeof 2.4 GHz to 2.5 GHz that includes an unlicensed portion of the RFspectrum. In a particular embodiment, the transceiver (323) may be aBluetooth protocol transceiver, such as a Bluetooth Low Energytransceiver or a Bluetooth Smart transceiver, operating between 2.4 GHzand 2.4835 GHz. In other embodiments, the transceiver (323) may be othertypes of low power radio frequency communication technology that isintended to conserve energy consumed in the tire monitor device.

The wakeup module (325) may be configured to receive an activationsignal from the wireless pairing tool or other remote device. In anembodiment, the wakeup module may be a low frequency (LF) systemcomprising an LF coil with associated tuning capacitors, an LF amplifiercircuity, and a decoding circuit (all not shown). The LF system maydetect a signal (e.g., 125 kHz signal) from the remote device via the LFcoil and provides a wakeup signal to the controller (301). In anotherembodiment, the wakeup module (325) may be a low power receiverconfigured to receive an activation signal from the wireless pairingtool or other remote device and provide a wakeup signal to thecontroller (301). The low power receiver may be configured forcommunication within the same RF band as the transceiver (323) (i.e.,the ISM 2.4 GHz band with a frequency range of 2.4 GHz to 2.5 GHz). Assuch, remote devices such as the pairing tool or an activation stationin an assembly line may communicate an activation signal to the lowpower receiver using the same transceiver used by the remote device tocommunicate with other sensors and devices (e.g., other Bluetoothprotocol sensors). As such, a separate activation system, such as an LFsystem, is not required to activate the wireless vehicle sensor device(300).

The memory (305) may be a non-volatile memory (e.g., flash memory) thatstores sensor data, configuration parameters, security credentials,and/or a local identifier such as an identity resolving key (IRK). Thememory (305) may also store a data structure embodying a permitteddevice list indicating a list of sensor IDs from which a connectionrequest may be accepted. For example, the permitted device list mayinclude devices that the VCS has credentialed. The permitted device listmay also store a peer IRK for each sensor ID.

The wireless vehicle sensor device (300) may also include acommunications interface (335) for organizing data according tocommunications protocols for transmitting and receiving data via thetransceiver (323). For example, the communications interface (335) mayencapsulate data in packets in accordance with the Bluetooth protocol.The wireless vehicle sensor device (300) may also include a powerinterface (not shown) for supplying power received from the battery(305) to the various components of the wireless vehicle sensor device(300).

The battery (305) may provide power to the power interface of thewireless vehicle sensor device (300). However, it is also contemplatedthat other power sources may be used (e.g., thermoelectric orpiezoelectric generators, electromagnetic induction device, and/or otherenergy harvesters) instead of or in addition to the battery (305).

The antenna (307) may be used by the wireless vehicle sensor device(300) to transmit and receive RF signals. The antenna (307) may becoupled to the transceiver (323) for transmitting and receiving RFsignals. The antenna (307) may also be coupled to the wakeup module(325) for receiving an RF activation signal.

In a particular embodiment, the wireless vehicle sensor device (300) maybe installed on the vehicle at a vehicle dealership, a tire dealership,a repair shop, or a vehicle OEM assembly line. At the time of activationand installation of the wireless vehicle sensor device (300) on orwithin the vehicle, the wireless vehicle sensor device (300) has not yetbeen paired with the VCS of the vehicle. To pair with the VCS, thewireless vehicle sensor device (300) may transmit a pre-shared passkeyto a wireless transceiver of the VCS along with the sensor ID of thewireless vehicle sensor device (300). The pre-shared passkey may betransmitted during one or more communication frames sent from thewireless vehicle sensor device (300) to the VCS, and may also beincluded in subsequent packets. The VCS may then use the pre-sharedpasskey to identify the wireless vehicle sensor device (300), andassociate the sensor ID (e.g., MAC address) of the wireless vehiclesensor device (300) with the identity of the sensor.

To facilitate the sharing of the pre-shared passkey in advance ofpairing, the wireless vehicle sensor device (300) may be configured tosend or receive the pre-shared passkey from a wireless pairing tool(e.g., the pairing tool (200) of FIG. 2 ). For example, the sharedpasskey may be a randomly generated code or sequential code that is usedto identify a wireless vehicle sensor device (300) among multiplewireless vehicle sensors, and may be generated by any of the pairingtool, the wireless vehicle sensor device (300), or the VCS. As anotherexample, the shared passkey may be a VCS security parameter. Thecontroller (301) of the wireless vehicle sensor device (300) may beconfigured to send the shared passkey to the pairing tool when thepasskey is generated by the wireless vehicle sensor device (300). Thecontroller (301) of the wireless vehicle sensor device (300) may also beconfigured to receive the shared passkey from the pairing tool when thepasskey is generated by the pairing tool or the VCS, or is a securityparameter of the VCS.

In a particular embodiment, the controller (301) of the wireless vehiclesensor device (300) may receive a shared passkey generated by the VCSfrom the pairing tool via the transceiver (323) or the wakeup module(325). That is, the VCS may generate the shared passkey and may providethe shared passkey to the pairing tool via a wired or wireless vehiclecommunications bus interface with the pairing tool, and the pairing toolmay wirelessly transmit the shared passkey to the transceiver (323) orthe wakeup module (325) of the wireless vehicle sensor device (300). Thecontroller (301) may store the shared passkey generated by the VCS andreceived from the pairing tool in the memory (303) of the wirelessvehicle sensor device (300). To pair the wireless vehicle sensor device(300) with the VCS, the wireless vehicle sensor device (300) maytransmit the shared passkey in a packet including with the sensor ID ofthe wireless vehicle sensor device (300) to the VCS.

To enhance privacy, the controller (301) of the wireless vehicle sensordevice (300) may also be configured to generate a resolvable privateaddress (RPA) and transmit communication packets using the RPA in placeof the sensor ID. The RPA may be generated based on a random number andsecret identity resolving key (IRK). The IRK may be provided by thewireless vehicle sensor device (300) to the VCS as part of the pairingprocess such that the VCS may recognize the wireless vehicle sensordevice (300) by decoding the RPA using the IRK to ascertain the sensorID. Accordingly, the wireless vehicle sensor device (300) mayperiodically regenerate an RPA that may be decoded by the VCS whileavoiding tracking of the wireless vehicle sensor device (300) by anunauthorized device.

To pair the wireless vehicle sensor device (300) with an externalwireless device (e.g., a user's smartphone) that is not part of the VCS,the external wireless device must also have the IRK to identify thewireless vehicle sensor device (300) based on the advertised RPA.Further, the wireless vehicle sensor device (300) may be configured todeny connection requests from unpermitted or unidentified devices, andthus may only permit a connection request from a device that has beenadded to a permitted device list. The controller (301) of the wirelessvehicle sensor device (300) may be configured to receive identitycredentials for an external wireless device from the VCS and store theidentity credentials on a permitted devices list in the memory (303).For example, the received identity credentials may be the device ID ofthe external wireless device, and an IRK of the external wireless deviceif it implements RPA. Subsequently, upon receiving a connection requestfrom the external wireless device, the controller (301) of the wirelessvehicle sensor device (300) may be configured to determine, based on thesensor ID and the permitted device list, that the external wirelessdevice making the request is a permitted device. In response todetermining that the requesting device is a permitted device, thecontroller (301) of wireless vehicle sensor device (300) may beconfigured to accept the connection request and pair with the externalwireless device.

For further explanation, FIG. 4 sets forth a diagram of an exemplaryvehicle control system (VCS) (400) for securely pairing avehicle-mounted wireless sensor with a central device according toembodiments of the present disclosure. The VCS (400) includes a VCScontroller (401) coupled to a memory (403) and a transceiver (405). TheVCS controller (401) may be configured to obtain sensor readings relatedto vehicle operating conditions (e.g., from the wireless vehicle sensordevice (300) of FIG. 3 ). The VCS controller (401) may be furtherconfigured to communicate with a pairing tool (e.g., the pairing tool(200) of FIG. 2 ) to send or receive a shared passkey for pairing withthe wireless vehicle sensor device, as will be explained below. Thecontroller (401) of the VCS (400) may also be configured to pair with anexternal user device (e.g., a smart phone) and to facilitate theexchange of identity credentials between the external user device andthe wireless vehicle sensor device, as will explained below. Forexample, the controller (401) may provide, via the transceiver (405), aconfiguration parameter to the wireless vehicle sensor device for addingthe external wireless device to a permitted device list, and thecontroller (401) may provide, via the transceiver (405), identityinformation for the wireless vehicle sensor device to the externalwireless device. The VCS controller (401) may include or implement amicrocontroller, an Application Specific Integrated Circuit (ASIC), adigital signal processor (DSP), a programmable logic array (PLA) such asa field programmable gate array (FPGA), or other data computation unitin accordance with the present disclosure. The sensor readings and datareceived from the wireless vehicle sensor device, may be stored in thememory (403). The memory (403) may be a non-volatile memory such asflash memory. For example, the VCS (400) may obtain vehicle operatingcondition data such as sensor readings from sensors on-board the vehicleand/or vehicle tires.

For bidirectional wireless communication with a wireless vehicle sensordevice, the pairing tool, and the external wireless device, the VCS(400) may include a transceiver (405) coupled to the VCS controller(401). For example, to pair with the wireless vehicle sensor device, thetransceiver (405) may be used to communicate with the wireless pairingtool to send or receive a shared passkey. As another example, once thetransceiver (405) is paired with a wireless transceiver of the wirelessvehicle sensor device, the transceiver (405) may be used to receivesensor parameters (e.g., tire pressure) from the wireless vehicle sensordevice, and to transmit configuration parameters (e.g., identityinformation for credentialed devices) to the wireless vehicle sensordevice. As yet another example, the transceiver (405) may be used toreceive a request from the external wireless device to pair with thewireless vehicle sensor device and to transmit an IRK for connecting tothe wireless vehicle sensor device to the external wireless device.

The transceiver (405) may be configured for operation within aparticular RF band, such as the ISM 2.4 GHz band with a frequency rangeof 2.4 GHz to 2.5 GHz that includes an unlicensed portion of the RFspectrum. In one embodiment, the transceiver (405) may be a Bluetoothprotocol transceiver. The VCS (400) may further include a cloudtransceiver (407) for cellular terrestrial communication, satellitecommunication, or both. For example, the cloud transceiver (407) may beused to communicate tire parameters (e.g., tire pressure) to a remoteserver. The cloud transceiver (407) may also be used to receiveconfiguration parameters for the vehicle.

The VCS (400) may further comprise a controller area network (CAN)interface (409) for communicatively coupling vehicle sensors (417) anddevices to the controller (401), such as wheel speed sensors, a yaw ratesensor, an inclination sensor, and other sensors, to the controller(401). The CAN interface (409) may couple an I/O port (415) to thecontroller (401). The port (415) may be used to send or receive a sharedpasskey. For example, a pairing tool may connect to the port for inputor output of the shared passkey. The CAN interface (409) may also couplea display interface (419) to the controller (401). The display interface(419) may be used to output indicia of vehicle sensor parameters (e.g.,tire pressure parameters) to a dashboard or display of the vehicle. Forexample, the display port may be used to output tire pressure indicia tothe dashboard or display to warn the driver about low tire pressuredetected in a tire by a tire monitor device.

In a particular embodiment, to pair with wireless vehicle sensor device,the VCS (400) may receive a pre-shared passkey from the wirelesstransceiver of the wireless vehicle sensor device (e.g., the wirelessvehicle sensor device (300) of FIG. 3 ) in association with the uniquesensor ID of the wireless vehicle sensor device. The pre-shared passkeymay be transmitted during the initial communication packet(s) sent fromthe wireless vehicle sensor device to the VCS (400) and may also beincluded in subsequent packets. The VCS (400) may compare the localinstance of the pre-shared key to the instance of the pre-shared keyreceived from the wireless vehicle sensor device to verify the identityof the wireless vehicle sensor device, and may store the sensor ID ofthe wireless vehicle sensor device in the memory (403).

To facilitate the sharing of the pre-shared passkey in advance ofpairing, the VCS (400) may be configured to send or receive thepre-shared passkey from a wireless pairing tool (e.g., the pairing tool(200) of FIG. 2 ). For example, the shared passkey may be a randomlygenerated code or sequential code that is used to identify a wirelessvehicle sensor device among multiple wireless vehicle sensors, and maybe generated by any of the pairing tool, the wireless vehicle sensordevice, or the VCS (400). As another example, the shared passkey may bea VCS security parameter. The controller (401) of the VCS (400) may beconfigured to send the shared passkey to the pairing tool when thepasskey is generated by the VCS (400). The controller (401) of the VCS(400) may also be configured to receive the shared passkey from thepairing tool when the passkey is generated by the pairing tool or thewireless vehicle sensor device.

In a particular embodiment, the controller (401) of the VCS (400) mayreceive a passkey and/or may transmit the passkey to the pairing toolvia the transceiver (405) or the CAN interface (409). That is, thecontroller (401) of the VCS (400) may generate the shared passkey andprovide the shared passkey to the pairing tool via a wireless (e.g.,Bluetooth) or wired connection, and the pairing tool wirelesslytransmits the shared passkey to the transceiver of the wireless vehiclesensor device. Subsequently, the controller (401) of the VCS (400) mayreceive the shared passkey from the wireless vehicle sensor device in apacket that includes the sensor ID.

To enhance privacy, the controller (401) of the VCS (400) may also beconfigured to receive an IRK of the wireless vehicle sensor device andassociate the IRK with the sensor ID in a data structure stored in thememory (405). When a packet transmitted using an RPA is received by thecontroller (401), the RPA may be resolved using the IRK to ascertain thesensor ID of the wireless vehicle sensor device that transmitted thepacket.

To facilitate the pairing of a wireless vehicle sensor device with anexternal wireless device (e.g., a user's smartphone) that is not part ofthe VCS (400), the controller (401) of the VCS (400) may be configuredto receive, via the transmitter (405), a request for connection to thewireless vehicle sensor device from the external wireless device, and toprovide the external wireless device with the sensor ID of the wirelessvehicle sensor device acquired during pairing with the wireless vehiclesensor device. The controller (401) may also provide the IRK of thewireless vehicle sensor device to the external wireless device. Thecontroller (401) of the VCS (400) may also be configured to transmitidentity credentials of the external wireless device to the wirelessvehicle sensor device for addition to a permitted device list maintainedon the wireless vehicle sensor device. For example, the controller(401), via the transceiver (405), may transmit the device ID (e.g., MACaddress) of the external wireless device as well as an IRK of theexternal wireless device if it implements an RPA.

For further explanation, FIG. 5 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the present disclosurethat includes pairing (502), by the vehicle sensor device (501), with avehicle control system (VCS) (503) using a pre-shared passkey, whereinthe pre-shared passkey is shared between the vehicle sensor device andthe VCS (503) via an out-of-band exchange. Pairing (502), by the vehiclesensor device (501) (e.g., the vehicle sensor device (300) of FIG. 2 ),with a vehicle control system (VCS) (503) (e.g., the VCS (400) of FIG. 4) using a pre-shared passkey, wherein the pre-shared passkey is sharedbetween the vehicle sensor device and the VCS (503) via an out-of-bandexchange may be carried out by the vehicle sensor device (501) and theVCS (503) exchanging a pre-shared passkey via an external device that isconfigured for communication with both the vehicle sensor device (501)and the VCS (503). For example, before communication is initiatedbetween the vehicle sensor device (501) the VCS (503), a device that isnot a component of the vehicle may distribute the pre-shared passkey viaa wireless connection to the vehicle sensor device (501) and a wired orwireless connection to the VCS (503).

The exchange of the pre-shared passkey is out-of-band in that thepasskey must be provided to the target pairing device outside of acommunication channel between the vehicle sensor device (501) and theVCS (503). For example, a pairing tool may communicate with the vehiclesensor device (501) via a wireless out-of-band connection, and the samepairing tool may communicate with the VCS (503) via a wireless interface(e.g., Bluetooth), or via a different type of wireless interface (e.g.,WiFi), or via a wired connection to the vehicle communication bus or CANinterface. In a particular embodiment, the vehicle sensor device (501)may include a BLE transceiver that is paired with a BLE transceivercoupled to the VCS (503). The pre-shared passkey may be a randomlygenerated code (e.g., a 16 bit integer) or a security parameter.

The method of FIG. 5 also includes transmitting (504), by the vehiclesensor device (501), at least an identifier (e.g., an identity resolvingkey (IRK)) (505) for a resolvable private address (RPA) to the VCS(503). Transmitting (504), by the vehicle sensor device (501), at leastthe ID (505) for a resolvable private address (RPA) to the VCS (503) maybe carried out by the vehicle sensor device (501) transmitting a packetcontaining the IRK to the VCS (503). The IRK may be used by the VCS(503) to compute a hash of the RPA using the IRK and an encryptionfunction to resolve the sensor ID of the vehicle sensor device (503).The IRK may be programmed into the vehicle sensor device (501) by theOEM, configured in the vehicle sensor device (501) using the pairingtool, or randomly generated. The sensor ID may be a Bluetooth address, apublic address, the MAC address, a static random address, or otheraddress of the vehicle sensor device (501). In some embodiments,transmitting (504) at least an identifier (e.g., the identity resolvingkey (IRK) (505) for a resolvable private address (RPA) to the VCS (503)may be carried out by a wireless tool (e.g., the pairing tool (200) ofFIG. 2 ). For example, the wireless tool may provide the IRK to be usedby the vehicle sensor device (501) to the VCS (503).

The method of FIG. 5 also includes communicating (506), by the vehiclesensor device (501), with the VCS (503) using the RPA, wherein the RPAis periodically regenerated by the vehicle sensor device (501).Communicating (506), by the vehicle sensor device (501), with the VCS(503) using the RPA, wherein the RPA is periodically regenerated by thevehicle sensor device (501) may be carried out by the vehicle sensordevice (501) sending packets to the VCS (503) via a channel advertisedusing the RPA. An RPA timeout may cause the controller of the vehiclesensor device (501) to regenerate the RPA to prevent device tracking.

For further explanation, FIG. 6 sets forth a flow chart illustratinganother exemplary method for securely pairing a vehicle-mounted wirelesssensor with a central device according to embodiments of the presentdisclosure. Like the exemplary method of FIG. 5 , the method of FIG. 6also includes pairing (502), by the vehicle sensor device (501), with avehicle control system (VCS) (503) using a pre-shared passkey, whereinthe pre-shared passkey is shared between the vehicle sensor device andthe VCS (503) via an out-of-band exchange; transmitting (504), by thevehicle sensor device (501), at least an identifier (e.g., an identityresolving key (IRK)) (505) for a resolvable private address (RPA) to theVCS (503); and communicating (506), by the vehicle sensor device (501),with the VCS (503) using the RPA, wherein the RPA is periodicallyregenerated by the vehicle sensor device (501).

The method of FIG. 6 differs from the method of FIG. 5 in that themethod of FIG. 6 also includes receiving (602), by the vehicle sensordevice (501) from the VCS (503), identity credentials (601) for a mobiledevice (603). Receiving (602), by the vehicle sensor device (501) fromthe VCS (503), identity credentials (601) for a mobile device (603) maybe carried out by the vehicle sensor device (501) receiving a packetfrom the VCS (503) that includes identity credentials for a mobiledevice (e.g., a user's smart device such as a smartphone) that hastransmitted, to the VCS (503), a request to pair with the vehicle sensordevice (501). For example, the identity credentials (601) may includethe public address, MAC address, IRK, and/or other identifyinginformation of the mobile device (603). In this example, the VCS (503)has already paired with the mobile device (603) and, as such, hasobtained the information for the identify credentials (601) from themobile device (603).

The method of FIG. 6 also differs from the method of FIG. 5 in that themethod of FIG. 6 also includes adding (604), by the vehicle sensordevice (501), the identity credentials (601) to a permitted device list.Adding (604), by the vehicle sensor device (501), the identitycredentials (601) to the permitted device list may be carried out by thevehicle sensor device (501) storing the identify credentials in a datastructure (e.g., a whitelist) that includes identifying information fordevices from which the vehicle sensor device (501) will acceptconnection requests. By filtering the devices from which the vehiclesensor device (501) will accept connection requests, power consumptionmay be reduced in that the vehicle sensor device (501) does not need torespond to every request from every device, and also enhances thesecurity of the vehicle sensor device (501).

For further explanation, FIG. 7 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the presentdisclosure. Like the exemplary method of FIG. 6 , the method of FIG. 7also includes pairing (502), by the vehicle sensor device (501), with avehicle control system (VCS) (503) using a pre-shared passkey, whereinthe pre-shared passkey is shared between the vehicle sensor device andthe VCS (503) via an out-of-band exchange; transmitting (504), by thevehicle sensor device (501), at least an identifier (e.g., an identityresolving key (IRK) for a resolvable private address (RPA) to the VCS(503); communicating (506), by the vehicle sensor device (501), with theVCS (503) using the RPA, wherein the RPA is periodically regenerated bythe vehicle sensor device (501); receiving (602), by the vehicle sensordevice (501) from the VCS (503), identity credentials (601) for a mobiledevice (603); and adding (604), by the vehicle sensor device (501), theidentity credentials (601) to a permitted device list.

The method of FIG. 7 differs from the method of FIG. 6 in that themethod of FIG. 7 also includes receiving (702) by the vehicle sensordevice (501), a wireless connection request (701) from the mobile device(603) of the mobile device (603). Receiving (702) by the vehicle sensordevice (501), the wireless connection request (701) from the mobiledevice (603) may be carried out by the vehicle sensor device (501)receiving a the communication request over a channel advertised withidentity information of the mobile device (603). For example, theidentity information may be a public address, MAC address, RPA, or otheraddress of the mobile device. If the identity information includes anRPA, the RPA may be resolved by applying peer IRKs stored on the vehiclesensor device (501) (e.g., received from the VCS (503). The vehiclesensor device (501) may filter the wireless connection request using thepermitted device list to determine whether the vehicle sensor device(501) should accept the wireless connection request (701).

The method of FIG. 7 also differs from the method of FIG. 6 in that themethod of FIG. 7 also includes accepting (704), by the vehicle sensordevice (501), the wireless connection request (701) from the mobiledevice (603) in response to determining that the mobile device (603) ison the permitted device list. Accepting (704), by the vehicle sensordevice (501), the wireless connection request (701) from the mobiledevice (603) in response to determining that the mobile device (603) ison the permitted device list may be carried out by the vehicle sensordevice (501) determining, based on the identity information of themobile device (603) and the permitted device list, that the vehiclesensor device (501) may accept the wireless connection request (701) andpair with the mobile device.

In a particular embodiment, the vehicle sensor device (501) includes aTPMS sensor, and the mobile device (603) is a smart device such as asmartphone. The mobile device (603) may pair with the vehicle sensordevice to receive tire fill assist data including tire pressuremeasurements for the purpose of inflating the vehicle tire to thecorrect pressure.

For further explanation, FIG. 8 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the presentdisclosure. Like the exemplary method of FIG. 5 , the method of FIG. 8also includes pairing (502), by the vehicle sensor device (501), with avehicle control system (VCS) (503) using a pre-shared passkey, whereinthe pre-shared passkey is shared between the vehicle sensor device andthe VCS (503) via an out-of-band exchange; transmitting (504), by thevehicle sensor device (501), at least an identifier (505) for aresolvable private address (RPA) to the VCS (503); and communicating(506), by the vehicle sensor device (501), with the VCS (503) using theRPA, wherein the RPA is periodically regenerated by the vehicle sensordevice (501).

The method of FIG. 8 differs from the method of FIG. 5 in that pairing(502), by the vehicle sensor device (501), with the VCS (503) using thepre-shared passkey, wherein the pre-shared passkey is shared between thevehicle sensor device and the VCS (503) via an out-of-band exchange,includes exchanging (802) the pre-shared passkey via a pairing tool(801) configured for wireless communication with the vehicle sensordevice (501) and for communication with the VCS (503). Exchanging (802)the pre-shared passkey via a pairing tool (801) configured for wirelesscommunication with the vehicle sensor device (501) and for communicationwith the VCS (503) may be carried out by the vehicle sensor device (501)wirelessly transmitting or receiving the pre-shared passkey to awireless tool (e.g., the pairing tool (200) of FIG. 2 ). In an exemplaryembodiment, the vehicle sensor device (501) may receive, from thewireless tool, a pre-shared passkey that was generated by the pairingtool, the VCS (503), or another device configured to facilitate thepairing of the vehicle sensor device (501) with the VCS (503). Inanother exemplary embodiment, the vehicle sensor device (501) maytransmit, to the wireless tool, a pre-shared passkey that was generatedby the vehicle sensor device (501). In a particular embodiment, thevehicle sensor device (501) may receive the pre-shared passkey from thepairing tool via a BLE transceiver. In other embodiments, the vehiclesensor device (501) may receive the passkey via a low frequency receiver(e.g., via 125 kHz signal), a low power receiver (e.g., via a 2.4 GHzsignal), Near Field Communication (NFC), or Radio FrequencyIdentification (RFID).

For further explanation, FIG. 9 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the presentdisclosure. Like the exemplary method of FIG. 5 , the method of FIG. 9also includes pairing (502), by the vehicle sensor device (501), with avehicle control system (VCS) (503) using a pre-shared passkey, whereinthe pre-shared passkey is shared between the vehicle sensor device andthe VCS (503) via an out-of-band exchange; transmitting (504), by thevehicle sensor device (501), at least an identifier (505) for aresolvable private address (RPA) to the VCS (503); and communicating(506), by the vehicle sensor device (501), with the VCS (503) using theRPA, wherein the RPA is periodically regenerated by the vehicle sensordevice (501).

The method of FIG. 9 also differs from the method of FIG. 5 in thatpairing (502), by the vehicle sensor device (501), with the VCS (503)using the pre-shared passkey, wherein the pre-shared passkey is sharedbetween the vehicle sensor device and the VCS (503) via an out-of-bandexchange, includes transmitting (902) the pre-shared passkey (901) tothe VCS (503) in one or more communication frames. Transmitting (902)the pre-shared passkey to the VCS (503) in one or more communicationframes may be carried out by the vehicle sensor device (501)transmitting a packet to the VCS (503) over a communication channeladvertised with the sensor ID of the vehicle sensor device (501) as partof the initial communication between the vehicle sensor device (501) andthe VCS (503). For example, the pre-shared passkey may be transmitted inone or more initial communication frames so that the VCS (503) mayidentify the vehicle sensor device (501) based on the pre-sharedpasskey.

For further explanation, FIG. 10 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the present disclosurethat includes pairing (1002), by the vehicle sensor device (VCS) (1001),with a wireless vehicle sensor device (1003) using a pre-shared passkey,wherein the pre-shared passkey is shared between the vehicle sensordevice (1003) and the VCS (1001) via an out-of-band exchange. Pairing(1002), by the vehicle sensor device (VCS) (1001), with a wirelessvehicle sensor device (1003) using a pre-shared passkey, wherein thepre-shared passkey is shared between the vehicle sensor device (1003)and the VCS (1001) via an out-of-band exchange may be carried out by thevehicle sensor device (1003) and the VCS (1001) exchanging a pre-sharedpasskey via an external device that is configured for communication withboth the vehicle sensor device (1003) and the VCS (1001). For example,before communication is initiated between the vehicle sensor device(1003) and the VCS (1001), a device (e.g., the pairing tool (200) ofFIG. 2 ) that is not a component of the vehicle may distribute thepre-shared passkey via a wireless connection to the vehicle sensordevice (1003) and a wired or wireless connection to the VCS (1001).

The method of FIG. 10 also includes receiving (1004), by the VCS (1001),at least an address identifier (e.g., an identity resolving key (IRK))for the vehicle sensor device (1003). Receiving (1004), by the VCS(1001), at least address identifier for the vehicle sensor device (1003)may be carried out by the VCS (1001) receiving a packet containing anIRK transmitted by the vehicle sensor device (1003). In some examples,the VCS (1001) receives the IRK via a wireless tool (e.g., the pairingtool (200) of FIG. 2 ).

The method of FIG. 10 also includes associating (1006), by the VCS(1001), the address identifier with a sensor identifier of the vehiclesensor device (1003). Associating (1006), by the VCS (1001) the addressidentifier with a sensor identifier of the vehicle sensor device (1003)may be carried out by the VCS (1001) storing the IRK and associatedsensor identifier of the vehicle sensor device (1003) in a datastructure.

The method of FIG. 10 also includes receiving (1008), by the VCS (1001),a packet (1005) identified by a resolvable private address (RPA) fromthe vehicle sensor device (1003). Receiving (1008), by the VCS (1001), apacket (1005) identified by the RPA from the vehicle sensor device(1003) may be carried out by the VCS (1001) receiving the packet (1005)from the vehicle sensor device (1003) over a communication channeladvertised with the RPA of the vehicle sensor device (1003)

The method of FIG. 10 also includes identifying (1010), by the VCS(1001), the vehicle sensor device (1003) from the RPA using the addressidentifier. Identifying (1010), by the VCS (1001), the vehicle sensordevice (1003) from the RPA using the address identifier may be carriedout by the VCS (1001) computing a hash of an RPA using the addressidentifier (e.g., an IRK) and an encryption function to resolve thesensor identifier associated with the vehicle sensor device (1003).

For further explanation, FIG. 11 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the presentdisclosure. Like the exemplary method of FIG. 10 , the method of FIG. 11also includes pairing (1002), by the vehicle sensor device (VCS) (1001),with a wireless vehicle sensor device (1003) using a pre-shared passkey,wherein the pre-shared passkey is shared between the vehicle sensordevice (1003) and the VCS (1001) via an out-of-band exchange; receiving(1004), by the VCS (1001), at least an address identifier for thevehicle sensor device (1003); associating (1006), by the VCS (1001), theaddress identifier with a sensor identifier of the vehicle sensor device(1003); receiving (1008), by the VCS (1001), a packet (1005) identifiedby a resolvable private address (RPA) from the vehicle sensor device(1003); and identifying (1010), by the VCS (1001), the vehicle sensordevice (1003) from the RPA using the address identifier.

The method of FIG. 11 differs from the method of FIG. 10 in that themethod of FIG. 11 also includes receiving (1102), by the VCS (1001), apairing request (1101) for the vehicle sensor device (1003) from amobile device (1103). Receiving (1102), by the VCS (1001), the pairingrequest (1101) for the vehicle sensor device (1003) from the mobiledevice (1103) may be carried out by the VCS (1001) receiving a requestfrom a mobile device (1103) (e.g., a user's smart device such as a smartphone) for identity information for communicating with a particularvehicle sensor device (1003). For example, the mobile device (1103) maybe a device that is already paired (e.g., via a Bluetooth connection)with the VCS (1001) such that the VCS (1001) has already recordedidentity information for the mobile device (e.g., Bluetooth address,device address, public address, IRK, etc.). In a particular embodiment,the vehicle sensor device (1003) may include a TPMS sensor, and themobile device (1103) may be a smart device such as a smartphone. Themobile device (1103) may pair with the vehicle sensor device (1003) toreceive tire fill assist data including tire pressure measurements forthe purpose of inflating the vehicle tire to the correct pressure.

The method of FIG. 11 also differs from the method of FIG. 10 in thatthe method of FIG. 11 also includes sending (1104), from the VCS (1001),the sensor identifier and the address identifier (e.g., the IRK) ofvehicle sensor device (1003) to the mobile device (1103). Sending(1104), from the VCS (1001), the sensor identifier and the addressidentifier of vehicle sensor device (1003) to the mobile device (1103)may be carried out by the VCS (1001) identifying the stored IRK andother identifying information of the vehicle sensor device (1003) andtransmitting (e.g., via the Bluetooth connection) the IRK and otheridentifying information to the mobile device (1103).

For further explanation, FIG. 12 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the presentdisclosure. Like the exemplary method of FIG. 11 , the method of FIG. 12also includes pairing (1002), by the vehicle sensor device (VCS) (1001),with a wireless vehicle sensor device (1003) using a pre-shared passkey,wherein the pre-shared passkey is shared between the vehicle sensordevice (1003) and the VCS (1001) via an out-of-band exchange; receiving(1004), by the VCS (1001), at least an address identifier for thevehicle sensor device (1003); associating (1006), by the VCS (1001), theaddress identifier with a sensor identifier of the vehicle sensor device(1003); receiving (1008), by the VCS (1001), a packet (1005) identifiedby a resolvable private address (RPA) from the vehicle sensor device(1003); and identifying (1010), by the VCS (1001), the vehicle sensordevice (1003) from the RPA using the address identifier; receiving(1102), by the VCS (1001), a pairing request (1101) for the vehiclesensor device (1003) from a mobile device (1103); and sending (1104),from the VCS (1001), the sensor identifier and the address identifier ofvehicle sensor device(1003) to the mobile device (1103).

The method of FIG. 12 differs from the method of FIG. 11 in that themethod of FIG. 12 also includes sending (1202), from the VCS (1001), theidentity information (1201) of the mobile device (1103) to the vehiclesensor device (1003). Sending (1202), from the VCS (1001), the identityinformation (1201) of the mobile device (1103) to the vehicle sensordevice (1003) may be carried out by the VCS (1001) transmitting a storedpublic address, device address, IRK, or other identifying informationcorresponding to the mobile device (1103) to the vehicle sensor device(1003). The identifying information (1201) may be credentialed identityinformation of the mobile device (1103) in that it is transmitted by theVCS (1001), which has already paired with the mobile device (1103). Forexample, the VCS (1001) may transmit a configuration parameter to thevehicle sensor device (1003) such that the identity information of themobile device (1103) is added to a permitted device list (i.e.,whitelist) of the vehicle sensor device (1003).

For further explanation, FIG. 13 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the presentdisclosure. Like the exemplary method of FIG. 10 , the method of FIG. 13also includes pairing (1002), by the vehicle sensor device (VCS) (1001),with a wireless vehicle sensor device (1003) using a pre-shared passkey,wherein the pre-shared passkey is shared between the vehicle sensordevice (1003) and the VCS (1001) via an out-of-band exchange; receiving(1004), by the VCS (1001), at least an address identifier for thevehicle sensor device (1003); associating (1006), by the VCS (1001), theaddress identifier with a sensor identifier of the vehicle sensor device(1003); receiving (1008), by the VCS (1001), a packet (1005) identifiedby a resolvable private address (RPA) from the vehicle sensor device(1003); and identifying (1010), by the VCS (1001), the vehicle sensordevice (1003) from the RPA using the address identifier.

The method of FIG. 13 differs from the method of FIG. 10 in that pairing(1002), by the vehicle sensor device (VCS) (1001), with a wirelessvehicle sensor device (1003) using a pre-shared passkey, wherein thepre-shared passkey is shared between the vehicle sensor device (1003)and the VCS (1001) via an out-of-band exchange includes exchanging(1302) the pre-shared passkey via a pairing tool (1301) configured forwireless communication with the vehicle sensor device (1003) and forcommunication with the VCS (1001). Exchanging (1302) the pre-sharedpasskey via the pairing tool (1301) configured for wirelesscommunication with the vehicle sensor device (1003) and forcommunication with the VCS (1001) may be carried out by the VCS (1001)communicating with a wireless tool (e.g., the pairing tool (200) of FIG.2 ) to transmit or receive the pre-shared passkey. In an exemplaryembodiment, the VCS (1001) may receive, from the wireless tool, apre-shared passkey that was generated by the pairing tool, the vehiclesensor device (1003), or another device configured to facilitate thepairing of the vehicle sensor device (1003) with the VCS (1001). In someembodiments, the VCS (1001) also receives, from the wireless tool, theIRK used by the vehicle sensor device (1003). In another exemplaryembodiment, the VCS (1001) may transmit, to the wireless tool, apre-shared passkey that was generated by the VCS (501). In a particularembodiment, the VCS (1001) may transmit the pre-shared passkey to thepairing tool via a BLE transceiver. In other embodiments, the VCS (1001)may transmit the passkey via a wired connection to the VCS (1001), suchas a CAN interface of the VCS (1001). In yet another embodiment, thepre-shared passkey may be a security parameter of the VCS (1001)provided to the pairing tool.

For further explanation, FIG. 14 sets forth a flow chart illustrating anexemplary method for securely pairing a vehicle-mounted wireless sensorwith a central device according to embodiments of the presentdisclosure. Like the exemplary method of FIG. 10 , the method of FIG. 14also includes pairing (1002), by the vehicle sensor device (VCS) (1001),with a wireless vehicle sensor device (1003) using a pre-shared passkey,wherein the pre-shared passkey is shared between the vehicle sensordevice (1003) and the VCS (1001) via an out-of-band exchange; receiving(1004), by the VCS (1001), at least address identifier for the vehiclesensor device (1003); associating (1006), by the VCS (1001), the addressidentifier with a sensor identifier of the vehicle sensor device (1003);receiving (1008), by the VCS (1001), a packet (1005) identified by aresolvable private address (RPA) from the vehicle sensor device (1003);and identifying (1010), by the VCS (1001), the vehicle sensor device(1003) from the RPA using the address identifier.

The method of FIG. 14 differs from the method of FIG. 10 in that pairing(1002), by the vehicle sensor device (VCS) (1001), with a wirelessvehicle sensor device (1003) using a pre-shared passkey, wherein thepre-shared passkey is shared between the vehicle sensor device (1003)and the VCS (1001) via an out-of-band exchange includes receiving (1402)the pre-shared passkey from the vehicle sensor device (1003) in one ormore communication frames. Receiving (1402) the pre-shared passkey(1401) from the vehicle sensor device (1003) in an initial communicationframe may be carried out by the vehicle sensor device (1003)transmitting a packet to the VCS (1001) over a communication channeladvertised with the sensor ID of the vehicle sensor device (1003) aspart of the initial communication between the vehicle sensor device(1003) and the VCS (1001). For example, the pre-shared passkey (1401)may be transmitted in one or more initial communication frames so thatthe VCS (1001) may identify the vehicle sensor device (1003) based onthe pre-shared passkey.

In view of the explanations set forth above, readers will recognize thatthe benefits of securely pairing a vehicle-mounted wireless sensor witha central device according to embodiments of the present disclosureinclude, but are not limited to:

-   -   The wireless vehicle sensor may be securely paired to the        vehicle control system using an out-of-band interface that does        not require a physical or display interface on the vehicle        sensor;    -   Direct pairing of a user's smart device with the wireless        vehicle sensor, even when the sensor uses a private address, is        accomplished by sharing the sensor pairing information between        the vehicle control system and the user's smart device;    -   A user's smart device may initiate bidirectional communication        with the wireless vehicle sensor based on the sensor pairing        information obtained via the vehicle control system;    -   Power consumption in the wireless vehicle sensor may be reduced        by filtering connection requests according to whitelisted        devices.

Exemplary embodiments of the present invention are described largely inthe context of a fully functional computer system for securely pairing avehicle-mounted wireless sensor with a central device. Readers of skillin the art will recognize, however, that the present invention also maybe embodied in a computer program product disposed upon computerreadable storage media for use with any suitable data processing system.Such computer readable storage media may be any storage medium formachine-readable information, including magnetic media, optical media,or other suitable media. Examples of such media include magnetic disksin hard drives or diskettes, compact disks for optical drives, magnetictape, and others as will occur to those of skill in the art. Personsskilled in the art will immediately recognize that any computer systemhaving suitable programming means will be capable of executing the stepsof the method of the invention as embodied in a computer programproduct. Persons skilled in the art will recognize also that, althoughsome of the exemplary embodiments described in this specification areoriented to software installed and executing on computer hardware,nevertheless, alternative embodiments implemented as firmware or ashardware are well within the scope of the present invention.

The present invention may be a system, an apparatus, a method, and/or acomputer program product. The computer program product may include acomputer readable storage medium (or media) having computer readableprogram instructions thereon for causing a processor to carry outaspects of the present invention.

The computer readable storage medium can be a tangible device that canretain and store instructions for use by an instruction executiondevice. The computer readable storage medium may be, for example, but isnot limited to, an electronic storage device, a magnetic storage device,an optical storage device, an electromagnetic storage device, asemiconductor storage device, or any suitable combination of theforegoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a random access memory (RAM), aread-only memory (ROM), an erasable programmable read-only memory (EPROMor Flash memory), a static random access memory (SRAM), a portablecompact disc read-only memory (CD-ROM), a digital versatile disk (DVD),a memory stick, a floppy disk, a mechanically encoded device such aspunch-cards or raised structures in a groove having instructionsrecorded thereon, and any suitable combination of the foregoing. Acomputer readable storage medium, as used herein, is not to be construedas being transitory signals per se, such as radio waves or other freelypropagating electromagnetic waves, electromagnetic waves propagatingthrough a waveguide or other transmission media (e.g., light pulsespassing through a fiber-optic cable), or electrical signals transmittedthrough a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions for carrying out operations ofthe present invention may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, or either source code or object code written in anycombination of one or more programming languages, including an objectoriented programming language such as Smalltalk, C++ or the like, andconventional procedural programming languages, such as the “C”programming language or similar programming languages. In someembodiments, electronic circuitry including, for example, programmablelogic circuitry, field-programmable gate arrays (FPGA), or programmablelogic arrays (PLA) may execute the computer readable programinstructions by utilizing state information of the computer readableprogram instructions to personalize the electronic circuitry, in orderto perform aspects of the present invention.

Aspects of the present invention are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart and/or block diagram blockor blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatuses, or otherdevices to cause a series of operational steps to be performed on thecomputer, other programmable apparatuses or other devices to produce acomputer implemented process, such that the instructions which executeon the computer, other programmable apparatus, or other device implementthe functions/acts specified in the flowchart and/or block diagram blockor blocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, apparatuses, methods, and computer program productsaccording to various embodiments of the present invention. In thisregard, each block in the flowchart or block diagrams may represent amodule, segment, or portion of instructions, which comprises one or moreexecutable instructions for implementing the specified logicalfunction(s). In some alternative implementations, the functions noted inthe block may occur out of the order noted in the figures. For example,two blocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts or carry outcombinations of special purpose hardware and computer instructions.

It will be understood from the foregoing description that modificationsand changes may be made in various embodiments of the present disclosurewithout departing from its true spirit. The descriptions in thisspecification are for purposes of illustration only and are not to beconstrued in a limiting sense. The scope of the present disclosure islimited only by the language of the following claims.

What is claimed is:
 1. A method for securely pairing a vehicle-mountedwireless sensor with a central device, the method comprising: pairing,by a vehicle sensor device, with a vehicle control system (VCS) using apre-shared passkey, wherein the pre-shared passkey is shared between thevehicle sensor device and the VCS via an out-of-band exchange;transmitting, by the vehicle sensor device, an identifier for aresolvable private address (RPA) to the VCS; and communicating, by thevehicle sensor device, with the VCS using the RPA, wherein the RPA isperiodically regenerated by the vehicle sensor device.
 2. The method ofclaim 1, further comprising: receiving, by the vehicle sensor devicefrom the VCS, identity credentials for a mobile device; and adding, bythe vehicle sensor device, the identity credentials to a permitteddevice list.
 3. The method of claim 2, further comprising: receiving bythe vehicle sensor device, a wireless connection request from the mobiledevice; and accepting, by the vehicle sensor device, the wirelessconnection request from the mobile device in response to determiningthat the mobile device is on the permitted device list.
 4. The method ofclaim 3, wherein the wireless connection request is directed to the RPAof the wireless vehicle sensor device using the identifier provided tothe mobile device by the VCS.
 5. The method of claim 3, wherein thevehicle sensor device includes a tire pressure monitoring system (TPMS)sensor, and wherein the vehicle sensor device transmits tire fill assistdata to the mobile device.
 6. The method of claim 1, wherein pairing, bythe vehicle sensor device, with the vehicle control system (VCS) usingthe pre-shared passkey, wherein the pre-shared passkey is shared betweenthe vehicle sensor device and the VCS via an out-of-band exchange,includes exchanging the pre-shared passkey via a pairing tool configuredfor wireless communication with the vehicle sensor device and forcommunication with the VCS.
 7. The method of claim 1, wherein pairing,by the vehicle sensor device, with the vehicle control system (VCS)using the pre-shared passkey, wherein the pre-shared passkey is sharedbetween the vehicle sensor device and the VCS via an out-of-bandexchange, includes transmitting the pre-shared passkey to the VCS in oneor more communication frames.
 8. The method of claim 1, wherein thepre-shared key is at least one of a randomly generated code and aVCS-supplied security parameter.
 9. The method of claim 1, wherein thevehicle sensor device is a Bluetooth-enabled device.
 10. The method ofclaim 1, wherein the vehicle sensor device is a tire pressure monitoringsystem device.
 11. A wireless vehicle sensor device for securely pairinga vehicle-mounted wireless sensor with a central device, comprising: atransceiver configured for bidirectional communication; and a controllerconfigured to: pair, via the transceiver, with a vehicle control system(VCS) using a pre-shared passkey, wherein the pre-shared passkey isshared between the vehicle sensor device and the VCS via an out-of-bandexchange; transmit, via the transceiver, an identifier for a resolvableprivate address (RPA) to the VCS; and communicate, via the transceiver,by the vehicle sensor device, with the VCS using the RPA, wherein theRPA is periodically regenerated by the vehicle sensor device.
 12. Amethod for securely pairing a vehicle-mounted wireless sensor with acentral device, the method comprising: pairing, by a vehicle controlsystem (VCS), with a wireless vehicle sensor device using a pre-sharedpasskey, wherein the pre-shared passkey is shared between the vehiclesensor device and the VCS via an out-of-band exchange; receiving, by theVCS, at least an address identifier for the vehicle sensor device;associating, by the VCS, the address identifier with a sensor identifierof the vehicle sensor device; receiving, by the VCS, a packet identifiedby a resolvable private address (RPA) from the vehicle sensor device;and identifying the vehicle sensor device based on the RPA using theaddress identifier.
 13. The method of claim 12, further comprising:receiving, by the VCS, a pairing request for the vehicle sensor devicefrom a mobile device; and sending, from the VCS, the sensor identifierand the address identifier of the vehicle sensor device to the mobiledevice.
 14. The method of claim 13, further comprising: sending, fromthe VCS, the identity information of the mobile device to the vehiclesensor device.
 15. The method of claim 12, wherein pairing, by thevehicle control system (VCS), with the wireless vehicle sensor deviceusing the pre-shared passkey, wherein the pre-shared passkey is sharedbetween the vehicle sensor device and the VCS via an out-of-bandexchange, includes exchanging the pre-shared passkey via a pairing toolconfigured for wireless communication with the vehicle sensor device andfor communication with the VCS.
 16. The method of claim 12, whereinpairing, by the vehicle control system (VCS), with the wireless vehiclesensor device using the pre-shared passkey, wherein the pre-sharedpasskey is shared between the vehicle sensor device and the VCS via anout-of-band exchange, includes receiving the pre-shared passkey and asensor identifier of the vehicle sensor device from the vehicle sensordevice in one or more communication frames.
 17. The method of claim 12,wherein the pre-shared key is at least one of a randomly generated codeand a VCS-supplied security parameter.
 18. The method of claim 12,wherein the vehicle sensor device is a Bluetooth-enabled device.
 19. Themethod of claim 12, wherein the vehicle sensor device is a tire pressuremonitoring system device.
 20. A vehicle control system for securelypairing a vehicle-mounted wireless sensor with a central device,comprising: a transceiver configured for bidirectional communication; amemory; and a controller configured to: pair, via the transceiver, witha wireless vehicle sensor device using a pre-shared passkey, wherein thepre-shared passkey is shared between the vehicle sensor device and theVCS via an out-of-band exchange; receive, via the transceiver, anaddress identifier for the vehicle sensor device; associate, in a datastructure store in the memory, the address identifier with a sensoridentifier of the vehicle sensor device; receive, via the transceiver, apacket identified by a resolvable private address (RPA) from the vehiclesensor device; and identify the vehicle sensor device based on the RPAusing the address identifier.